<?php
class PublicAction extends Action
{
	// 检查用户是否登录
	protected function checkUser()
	{
		if (!isset($_SESSION[C('USER_AUTH_KEY')]))
		{
			$this->error('没有登录', 'login');
		}
	}

	// 顶部页面
	public function top()
	{
		C('SHOW_RUN_TIME', false); // 运行时间显示
		C('SHOW_PAGE_TRACE', false);
		$model = M("Group");
		$list = $model->where('status=1')->getField('id,title');
		$this->assign('nodeGroupList', $list);
		$this->display();
	}

	public function drag()
	{
		C('SHOW_PAGE_TRACE', false);
		C('SHOW_RUN_TIME', false); // 运行时间显示
		$this->display();
	}

	// 尾部页面
	public function footer()
	{
		C('SHOW_RUN_TIME', false); // 运行时间显示
		C('SHOW_PAGE_TRACE', false);
		$this->display();
	}

	// 菜单页面
	public function menu()
	{
		$this->checkUser();
		if (isset($_SESSION[C('USER_AUTH_KEY')]))
		{
			//显示菜单项
			$menu = array();
			if (isset($_SESSION['menu' . $_SESSION[C('USER_AUTH_KEY')]]))
			{
				//如果已经缓存，直接读取缓存
				$menu = $_SESSION['menu' . $_SESSION[C('USER_AUTH_KEY')]];
			} else
			{
				//读取数据库模块列表生成菜单项
				$node = M("Node");
				$id = $node->getField("id");
				$where['level'] = 2;
				$where['status'] = 1;
				$where['pid'] = $id;
				$list = $node->where($where)->field('id,name,group_id,title')->order('sort asc')->select();
				if (isset($_SESSION['_ACCESS_LIST']))
				{
					$accessList = $_SESSION['_ACCESS_LIST'];
				} else
				{
					import('@.ORG.Util.RBAC');
					$accessList = RBAC::getAccessList($_SESSION[C('USER_AUTH_KEY')]);
				}
				foreach ($list as $key => $module)
				{
					if (isset($accessList[strtoupper(APP_NAME)][strtoupper($module['name'])]) || $_SESSION['administrator'])
					{
						//设置模块访问权限
						$module['access'] = 1;
						$menu[$key] = $module;
					}
				}
				//缓存菜单访问 -- 如果为开发模式，则不缓存！ -by konakona
				if (APP_DEBUG != true) $_SESSION['menu' . $_SESSION[C('USER_AUTH_KEY')]] = $menu;
			}
			if (!empty($_GET['tag']))
			{
				$this->assign('menuTag', $_GET['tag']);
			}
			$this->assign('menu', $menu);
		}
		C('SHOW_RUN_TIME', false); // 运行时间显示
		C('SHOW_PAGE_TRACE', false);
		$this->display();
	}

	// 后台首页 查看系统信息
	public function main()
	{
		$info = array('操作系统' => PHP_OS, '运行环境' => $_SERVER["SERVER_SOFTWARE"], 'PHP运行方式' => php_sapi_name(), 'ThinkPHP版本' => THINK_VERSION . ' [ <a href="http://thinkphp.cn" target="_blank">查看最新版本</a> ]', '上传附件限制' => ini_get('upload_max_filesize'), '执行时间限制' => ini_get('max_execution_time') . '秒', '服务器时间' => date("Y年n月j日 H:i:s"), '北京时间' => gmdate("Y年n月j日 H:i:s", time() + 8 * 3600), '服务器域名/IP' => $_SERVER['SERVER_NAME'] . ' [ ' . gethostbyname($_SERVER['SERVER_NAME']) . ' ]', '剩余空间' => round((@disk_free_space(".") / (1024 * 1024)), 2) . 'M', 'register_globals' => get_cfg_var("register_globals") == "1" ? "ON" : "OFF", 'magic_quotes_gpc' => (1 === get_magic_quotes_gpc()) ? 'YES' : 'NO', 'magic_quotes_runtime' => (1 === get_magic_quotes_runtime()) ? 'YES' : 'NO',);
		$this->assign('info', $info);
		$this->assign('sales',D('Order')->getBig());
		$_GET['type'] == 'thisweek' && $typeName = '本周';
		$_GET['type']== 'lastmonth' && $typeName = '上月';
		$_GET['type'] == 'thismonth' && $typeName = '本月';
		$this->assign('typeName',$typeName);
		$this->display();
	}

	// 用户登录页面
	public function login()
	{
		if (!isset($_SESSION[C('USER_AUTH_KEY')]))
		{
			$this->display();
		} else
		{
			$this->redirect('Index/index');
		}
	}

	public function index()
	{
		//如果通过认证跳转到首页
		 redirect(U('main'));
	}

	// 用户登出
	public function logout()
	{
		if (isset($_SESSION[C('USER_AUTH_KEY')]))
		{
			unset($_SESSION[C('USER_AUTH_KEY')]);
			unset($_SESSION);
			session_destroy();
			$this->success('登出成功！', __URL__ . '/login/');
		} else
		{
			$this->error('已经登出！');
		}
	}

	public function checkLogin()
	{
		if (empty($_POST['account']))
		{
			$this->error('帐号必须！');
		} elseif (empty($_POST['password']))
		{
			$this->error('密码必须！');
		}

		$map = array();
		$map['username'] = $_POST['account'];
		$map['status'] = 1;
		$model = D('Administrator');

		$result = $model->where($map)->find();

		if (false === $result)
		{
			$this->error('帐号不存在或已禁用！');
		} else
		{
//			if ($result['password'] != md5($result['salt'] . md5($_POST['password'])))
			if ($result['password'] != md5(sha1($result['salt'] . $_POST['password'])))
			{
				$this->error('密码错误！');
			}

			$_SESSION[C('USER_AUTH_KEY')] = $result['id'];
			$_SESSION['loginUserName'] = $result['nickname'];
			$_SESSION['lastLoginTime'] = $result['last_login_time'];
			$_SESSION['login_count'] = $result['login_count'];
			$_SESSION['loginUserType'] = $result['type_id'];	//1 = suerpadmin
            $_SESSION['loginBossID'] = D('Boss')->where('admin_id='.$result['id'])->getField('id');

			if ($result['username'] == 'admin')
			{
				$_SESSION['administrator'] = true;
			}
			//保存登录信息
			$data = array();
			$data['id'] = $result['id'];
			$data['login_count'] = array('exp', 'login_count+1');
			$model->save($data);
			$this->success('登录成功！',U('main'));
		}
	}

		/**
		 * 针对RBAC编写，暂时不用，采用简单的登录
		 */
//    public function checkLogin() {
//        if(empty($_POST['account'])) {
//            $this->error('帐号必须！');
//        }elseif (empty($_POST['password'])){
//            $this->error('密码必须！');
//        }
//        //生成认证条件
//        $map            =   array();
//        // 支持使用绑定帐号登录
//        $map['username']	= $_POST['account'];
//        $map["status"]	=	array('gt',0);
//        import ( '@.ORG.Util.RBAC' );
//        $authInfo = RBAC::authenticate($map);
//        //使用用户名、密码和状态的方式进行认证
//        if(false === $authInfo) {
//            $this->error('帐号不存在或已禁用！');
//        } else {
//            if($authInfo['password'] != md5($authInfo['salt'].md5($_POST['password']))) {
//                $this->error('密码错误！');
//            }
//            $_SESSION[C('USER_AUTH_KEY')]	=	$authInfo['id'];
//            $_SESSION['loginUserName']		=	$authInfo['nickname'];
//            $_SESSION['lastLoginTime']		=	$authInfo['last_login_time'];
//            $_SESSION['login_count']	=	$authInfo['login_count'];
//            if($authInfo['username']=='admin') {
//                $_SESSION['administrator']		=	true;
//            }
//            //保存登录信息
//            $data = array();
//            $data['id']	=	$authInfo['id'];
//            $data['login_count']	=	array('exp','login_count+1');
//            D('Administrator')->save($data);
//
//            // 缓存访问权限
//            RBAC::saveAccessList();
//            $this->success('登录成功！',__APP__.'/Index/index');
//        }
//    }

		// 更换密码
		public
		function changePwd()
		{
			$this->checkUser();
			//对表单提交处理进行处理或者增加非表单数据
			if (md5($_POST['verify']) != $_SESSION['verify'])
			{
				$this->error('验证码错误！');
			}
			$map = array();
			$map['password'] = pwdHash($_POST['oldpassword']);
			if (isset($_POST['account']))
			{
				$map['account'] = $_POST['account'];
			} elseif (isset($_SESSION[C('USER_AUTH_KEY')]))
			{
				$map['id'] = $_SESSION[C('USER_AUTH_KEY')];
			}
			//检查用户
			$User = D("Administrator");
			if (!$User->where($map)->field('id')->find())
			{
				$this->error('旧密码不符或者用户名错误！');
			} else
			{
				$User->password = pwdHash($_POST['password']);
				$User->save();
				$this->success('密码修改成功！');
			}
		}

		public
		function profile()
		{
			$this->checkUser();
			$User = D("Administrator");
			$vo = $User->getById($_SESSION[C('USER_AUTH_KEY')]);
			$this->assign('vo', $vo);
			$this->display();
		}

		public
		function verify()
		{
			$type = isset($_GET['type']) ? $_GET['type'] : 'gif';
			import("@.ORG.Util.Image");
			Image::buildImageVerify(4, 1, $type);
		}

		// 修改资料
		public
		function change()
		{
			$this->checkUser();
			$User = D("Administrator");
			if (!$User->create())
			{
				$this->error($User->getError());
			}
			$result = $User->save();
			if (false !== $result)
			{
				$this->success('资料修改成功！');
			} else
			{
				$this->error('资料修改失败!');
			}
		}
	}